问题
This is the first time I am using Jenkins and I have gone through several online articles but couldn’t find satisfactory answers. We have .Net project, and we are using private GitHub repository. Now I am trying to build CI server with Jenkins. Idea is to whenever developer push the code to GitHub we want to build the project on CI server. I have already installed Jenkins (v 1.646) and GitHub,Git and MSBuild Plugin on CI server. After working with Jenkins for last several hours i have now have several questions.
1> By default Jenkins runs on port 8080. But for continuous integration to work Jenkins must receive notification from GitHub. The port 8080 is by default blocked from the outside world, on CI server port 80 is open. I updated httpport in Jenkins.xml file so Jenkins is running on port 80.
I can access Jenkins from public internet and the web hook url is now http://ipaddress/github-webhook but this opens a big security hole because now anyone can access Jenskins. To solve this issue I have configured global security -> Project-based Matrix Authorization Strategy. So now only I can login and manage the projects. However any person can still type the IP address, land on Jenkins page and Create new user account. Ofcource that user cannot access anything but still it creates a new user in Jenkins’s database
So is there a way to run Jenkins management on port 8080 as usual, but receive notification on port 80
2> On Jenkins’s System Configuration page I only see “Git” and “GitHub Plugin Configuration”. I do not see “GitHub Web Hook” option, and also I don’t see “Let Jenkins auto-manage hook URLs” has this changed in version 1.646
3> Since we are using private repository, our project URL is https://github.com/MyCompanyName/reponame and repository URL is https://github.com/MyCompanyName/reponame.git note that the url has company name not the username. But I see error Jenkins log
Failed to remove hook from GitHubRepositoryName[host=github.com,username=MyCompanyName,repository=reponame] java.lang.NullPointerException: There is no credentials with admin access to manage hooks on GitHubRepositoryName[host=github.com,username=MyCompanyName,repository=reponame] at com.google.common.base.Preconditions.checkNotNull(Preconditions.java:231)
Why its trying to use companyname as username? I have setup proper user credentials and it was able to PULL the code.
回答1:
1) Go to Configure global Security and uncheck "Allow users to sign up" to prevent creation of new accounts.
2&3) Go to Configure System/Github Plugin Configuration section and uncheck "Manage hook" if you don't have admin access or don't want to manage hooks from Jenkins.
回答2:
I'll add a second answer for other like me who stumbled here but couldn't fix it with the steps above:
1) Make sure to remove the trailling .git from your task SCM config
2) Make sure that you have set an ip/domain in Jenkins that can be reached by Github, since this is what will be used to create the hooks in your repos. This might be set to loopback by default if you are running in a VM for example
Results in this bad config in Github
3) Restart Jenkins with http://your-jenkins-address:port/restart
来源:https://stackoverflow.com/questions/35056008/jenkins-configuration-and-security-issues